Lucene search
K

20 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/03/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6CVSS5.8AI score0.01895EPSS
In wildExploits1References12
EUVD
EUVD
added 2025/10/27 6:31 p.m.5 views

EUVD-2025-36211

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

7.5CVSS6.2AI score0.17464EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/27 12:0 a.m.7 views

EUVD-2025-36214

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

6.6AI score0.02102EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.67 views

CVE-2025-27225

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

0.17464EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29772

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.24353EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-29771

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.24353EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:25 a.m.7 views

CVE-2022-25026

A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

7.5CVSS7.2AI score0.24353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 p.m.7 views

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...

7.5CVSS7.4AI score0.01057EPSS
Exploits0References1
NVD
NVD
added 2023/01/12 11:15 p.m.21 views

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...

7.5CVSS7.8AI score0.01057EPSS
Exploits0References1
OSV
OSV
added 2023/01/12 11:15 p.m.6 views

CVE-2022-25026

A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

7.5CVSS5.8AI score0.24353EPSS
Exploits1References1
NVD
NVD
added 2023/01/12 11:15 p.m.32 views

CVE-2022-25026

A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

7.5CVSS7.7AI score0.24353EPSS
Exploits1References1
Prion
Prion
added 2023/01/12 11:15 p.m.13 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

5CVSS7.6AI score0.24353EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.37 views

CVE-2022-25026

A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

7.8AI score0.24353EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.7 views

Rocket Software TRUfusion 授权问题漏洞

Rocket Software TRUfusion is a simple, cost-effective solution from Rocket Software USA, Inc. It is used to ensure the secure exchange of CAD files and design data in PLM systems. A security vulnerability exists in Rocket Software TRUfusion Portal version v7.9.2.1, which originated from a...

7.5CVSS7.4AI score0.24353EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/01/12 12:0 a.m.8 views

CVE-2022-25026

A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

7.4AI score0.24353EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.3 views

PT-2023-12775 · Rocket · Rocket Trufusion Portal

Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: A Server-Side Request Forgery SSRF issue allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...

7.5CVSS6.9AI score0.24353EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.3 views

PT-2023-12776 · Rocket · Rocket Trufusion Portal

Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: The issue concerns the Forgotten Password functionality, which allows remote attackers to bypass authentication. This is achieved by validating the user's session token when the "Password...

7.5CVSS7AI score0.24353EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.4 views

Rocket Software TRUfusion 代码问题漏洞

Rocket Software TRUfusion is a simple, cost-effective solution from Rocket Software USA, Inc. It is used to ensure the secure exchange of CAD files and design data in PLM systems. A security vulnerability exists in Rocket Software TRUfusion Portal version v7.9.2.1, which originates from server-si...

7.5CVSS7.3AI score0.24353EPSS
Exploits1References2
CVE
CVE
added 2023/01/12 12:0 a.m.50 views

CVE-2022-25027

The CVE-2022-25027 entry concerns Rocket TRUfusion Portal v7.9.2.1, where the Forgotten Password flow can bypass authentication by validating the user’s session token after clicking the Password forgotten?; this is described across multiple sources (NVD, Red Hat CVE entries, OSV) as an authentica...

7.5CVSS7.7AI score0.01057EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/12 12:0 a.m.56 views

CVE-2022-25026

CVE-2022-25026 is a Server-Side Request Forgery in Rocket TRUfusion Portal v7.9.2.1. An attacker can trigger requests to /trufusionPortal/upDwModuleProxy to access internal resources. CVSS v3.1 base score 7.5 (HIGH); vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. No exploitation details or remediati...

7.5CVSS7.6AI score0.24353EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder